[ ok ] Starting periodic command scheduler: cron.
[ ok ] Starting OpenBSD Secure Shell server: sshd.
[ 23.206471] random: sshd: uninitialized urandom read (32 bytes read)

Debian GNU/Linux 7 syzkaller ttyS0

syzkaller login:
[ 29.104145] random: sshd: uninitialized urandom read (32 bytes read)
[ 29.567605] random: sshd: uninitialized urandom read (32 bytes read)
[ 30.115734] random: sshd: uninitialized urandom read (32 bytes read)
[ 30.295366] random: sshd: uninitialized urandom read (32 bytes read)
Warning: Permanently added '10.128.0.17' (ECDSA) to the list of known hosts.
[ 36.018370] random: sshd: uninitialized urandom read (32 bytes read)
executing program
[ 36.114312] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html for details.
[ 36.138984] ==================================================================
[ 36.148950] BUG: KASAN: use-after-free in __schedule+0xf54/0x1df0
[ 36.155183] Read of size 8 at addr ffff8801b8350058 by task syz-executor219/4669
[ 36.162704]
[ 36.164333] CPU: 1 PID: 4669 Comm: syz-executor219 Not tainted 4.19.0-rc1+ #217
[ 36.171771] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 36.181125] Call Trace:
[ 36.183722]  dump_stack+0x1c9/0x2b4
[ 36.187352]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 36.192540]  ? printk+0xa7/0xcf
[ 36.195817]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 36.200576]  ? __schedule+0xf54/0x1df0
[ 36.204466]  print_address_description+0x6c/0x20b
[ 36.209306]  ? __schedule+0xf54/0x1df0
[ 36.213195]  kasan_report.cold.7+0x242/0x30d
[ 36.217607]  __asan_report_load8_noabort+0x14/0x20
[ 36.222540]  __schedule+0xf54/0x1df0
[ 36.226250]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 36.231353]  ? __sched_text_start+0x8/0x8
[ 36.235502]  ? __call_srcu+0x7e7/0x1040
[ 36.239482]  ? check_same_owner+0x340/0x340
[ 36.243804]  ? mark_held_locks+0x160/0x160
[ 36.248035]  ? find_held_lock+0x36/0x1c0
[ 36.252097]  preempt_schedule_common+0x22/0x60
[ 36.256690]  _cond_resched+0x1d/0x30
[ 36.260404]  wait_for_completion+0xa5/0x8d0
[ 36.264732]  ? wait_for_completion_interruptible+0x950/0x950
[ 36.270530]  ? __lockdep_init_map+0x105/0x590
[ 36.275026]  ? __init_waitqueue_head+0x9e/0x150
[ 36.279691]  ? init_wait_entry+0x1c0/0x1c0
[ 36.283931]  __synchronize_srcu+0x189/0x240
[ 36.288248]  ? call_srcu+0x10/0x10
[ 36.291789]  ? rcu_unexpedite_gp+0x20/0x20
[ 36.296049]  synchronize_srcu+0x335/0x56f
[ 36.300196]  ? lock_downgrade+0x8f0/0x8f0
[ 36.304342]  ? synchronize_srcu_expedited+0x20/0x20
[ 36.309360]  ? kasan_check_read+0x11/0x20
[ 36.313512]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 36.318092]  ? kasan_check_write+0x14/0x20
[ 36.322337]  ? do_raw_spin_lock+0xc1/0x200
[ 36.326578]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 36.332290]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 36.337739]  ? kvfree+0x61/0x70
[ 36.341023]  ? rcu_read_lock_sched_held+0x108/0x120
[ 36.346038]  kvm_mmu_uninit_vm+0x1c/0x20
[ 36.350108]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 36.354517]  ? kvm_arch_sync_events+0x30/0x30
[ 36.359013]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 36.364557]  ? mmu_notifier_unregister+0x474/0x600
[ 36.369483]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 36.373888]  ? kfree+0x111/0x210
[ 36.377259]  ? __mmu_notifier_register+0x30/0x30
[ 36.382019]  ? __free_pages+0x10a/0x190
[ 36.385997]  ? free_unref_page+0x930/0x930
[ 36.390244]  kvm_put_kvm+0x73f/0x1060
[ 36.394049]  ? kvm_write_guest_cached+0x40/0x40
[ 36.398719]  ? _raw_spin_unlock_irq+0x27/0x70
[ 36.403213]  ? _raw_spin_unlock_irq+0x27/0x70
[ 36.407709]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 36.412295]  ? kasan_check_write+0x14/0x20
[ 36.416530]  ? do_raw_spin_lock+0xc1/0x200
[ 36.420769]  ? kvm_irqfd_release+0xdd/0x120
[ 36.425271]  ? kvm_irqfd_release+0xdd/0x120
[ 36.429593]  ? kvm_put_kvm+0x1060/0x1060
[ 36.433658]  kvm_vm_release+0x42/0x50
[ 36.437459]  __fput+0x38a/0xa40
[ 36.440740]  ? __alloc_file+0x400/0x400
[ 36.444721]  ? check_same_owner+0x340/0x340
[ 36.449043]  ? kasan_check_write+0x14/0x20
[ 36.453296]  ? do_raw_spin_lock+0xc1/0x200
[ 36.457528]  ____fput+0x15/0x20
[ 36.460807]  task_work_run+0x1e8/0x2a0
[ 36.464696]  ? task_work_cancel+0x240/0x240
[ 36.469020]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 36.474556]  ? switch_task_namespaces+0xa2/0xd0
[ 36.479228]  do_exit+0x1ae4/0x26e0
[ 36.482778]  ? mm_update_next_owner+0x9a0/0x9a0
[ 36.487459]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 36.491699]  ? rcu_read_lock_sched_held+0x108/0x120
[ 36.496715]  ? kfree+0x1d7/0x210
[ 36.500087]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 36.504336]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 36.510049]  ? is_bpf_text_address+0xd7/0x170
[ 36.514541]  ? kernel_text_address+0x79/0xf0
[ 36.518945]  ? __kernel_text_address+0xd/0x40
[ 36.523442]  ? unwind_get_return_address+0x61/0xa0
[ 36.528550]  ? __save_stack_trace+0x8d/0xf0
[ 36.532877]  ? save_stack+0xa9/0xd0
[ 36.536504]  ? save_stack+0x43/0xd0
[ 36.540139]  ? __kasan_slab_free+0x11a/0x170
[ 36.544546]  ? kasan_slab_free+0xe/0x10
[ 36.548522]  ? putname+0xf2/0x130
[ 36.551978]  ? __x64_sys_openat+0x9d/0x100
[ 36.556215]  ? do_syscall_64+0x1b9/0x820
[ 36.560277]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 36.565641]  ? trace_hardirqs_off+0xb8/0x2b0
[ 36.570044]  ? kasan_check_read+0x11/0x20
[ 36.574189]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 36.578596]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 36.583011]  ? initcall_blacklisted+0x9a/0x1e0
[ 36.587595]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 36.592709]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 36.598425]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 36.603964]  ? do_vfs_ioctl+0x201/0x1720
[ 36.608034]  ? rcu_is_watching+0x8c/0x150
[ 36.612178]  ? trace_hardirqs_on+0xbd/0x2c0
[ 36.616501]  ? ioctl_preallocate+0x300/0x300
[ 36.620911]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 36.626453]  ? __fget_light+0x2f7/0x440
[ 36.630425]  ? fget_raw+0x20/0x20
[ 36.633875]  ? putname+0xf2/0x130
[ 36.637331]  ? rcu_read_lock_sched_held+0x108/0x120
[ 36.642345]  ? kmem_cache_free+0x246/0x280
[ 36.646592]  ? putname+0xf7/0x130
[ 36.650054]  do_group_exit+0x177/0x440
[ 36.653941]  ? trace_hardirqs_on+0xbd/0x2c0
[ 36.658267]  ? __ia32_sys_exit+0x50/0x50
[ 36.662334]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 36.667439]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 36.672975]  ? ksys_ioctl+0x81/0xd0
[ 36.676602]  __x64_sys_exit_group+0x3e/0x50
[ 36.680929]  do_syscall_64+0x1b9/0x820
[ 36.684818]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 36.690188]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 36.695126]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 36.699967]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[ 36.704985]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 36.709998]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 36.715019]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 36.719865]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 36.725052] RIP: 0033:0x43f028
[ 36.728250] Code: Bad RIP value.
[ 36.731617] RSP: 002b:00007ffe3eb07388 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 36.739322] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f028
[ 36.746585] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 36.753853] RBP: 00000000004c08e8 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 36.761121] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 36.768387] R13: 00000000006d2180 R14: 0000000000000000 R15: 0000000000000000
[ 36.775654]
[ 36.777272] Allocated by task 4669:
[ 36.780899]  save_stack+0x43/0xd0
[ 36.784348]  kasan_kmalloc+0xc4/0xe0
[ 36.788056]  kasan_slab_alloc+0x12/0x20
[ 36.792028]  kmem_cache_alloc+0x12e/0x710
[ 36.796176]  vmx_create_vcpu+0xcf/0x2830
[ 36.800234]  kvm_arch_vcpu_create+0xe5/0x220
[ 36.804642]  kvm_vm_ioctl+0x488/0x1d80
[ 36.808529]  do_vfs_ioctl+0x1de/0x1720
[ 36.812414]  ksys_ioctl+0xa9/0xd0
[ 36.815861]  __x64_sys_ioctl+0x73/0xb0
[ 36.819748]  do_syscall_64+0x1b9/0x820
[ 36.823636]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 36.828813]
[ 36.830436] Freed by task 4669:
[ 36.833713]  save_stack+0x43/0xd0
[ 36.837162]  __kasan_slab_free+0x11a/0x170
[ 36.841394]  kasan_slab_free+0xe/0x10
[ 36.845196]  kmem_cache_free+0x86/0x280
[ 36.849169]  vmx_free_vcpu+0x26b/0x300
[ 36.853057]  kvm_arch_destroy_vm+0x365/0x7c0
[ 36.857466]  kvm_put_kvm+0x73f/0x1060
[ 36.861263]  kvm_vm_release+0x42/0x50
[ 36.865057]  __fput+0x38a/0xa40
[ 36.868330]  ____fput+0x15/0x20
[ 36.871603]  task_work_run+0x1e8/0x2a0
[ 36.875494]  do_exit+0x1ae4/0x26e0
[ 36.879029]  do_group_exit+0x177/0x440
[ 36.882912]  __x64_sys_exit_group+0x3e/0x50
[ 36.887236]  do_syscall_64+0x1b9/0x820
[ 36.891128]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 36.896305]
[ 36.897930] The buggy address belongs to the object at ffff8801b8350040
[ 36.897930]  which belongs to the cache kvm_vcpu of size 23872
[ 36.910503] The buggy address is located 24 bytes inside of
[ 36.910503]  23872-byte region [ffff8801b8350040, ffff8801b8355d80)
[ 36.922457] The buggy address belongs to the page:
[ 36.927387] page:ffffea0006e0d400 count:1 mapcount:0 mapping:ffff8801d8683000 index:0x0 compound_mapcount: 0
[ 36.937356] flags: 0x2fffc0000008100(slab|head)
[ 36.942031] raw: 02fffc0000008100 ffff8801d534dc48 ffff8801d534dc48 ffff8801d8683000
[ 36.949914] raw: 0000000000000000 ffff8801b8350040 0000000100000001 0000000000000000
[ 36.957788] page dumped because: kasan: bad access detected
[ 36.963494]
[ 36.965118] Memory state around the buggy address:
[ 36.970048]  ffff8801b834ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 36.977403]  ffff8801b834ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 36.984760] >ffff8801b8350000: fc fc fc fc fc fc fc fc fb fb fb fb fb fb fb fb
[ 36.992118]                                                     ^
[ 36.998348]  ffff8801b8350080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 37.005705]  ffff8801b8350100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 37.013055] ==================================================================
[ 37.020408] Kernel panic - not syncing: panic_on_warn set ...
[ 37.020408]
[ 37.027776] CPU: 1 PID: 4669 Comm: syz-executor219 Tainted: G    B             4.19.0-rc1+ #217
[ 37.036608] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 37.045957] Call Trace:
[ 37.048554]  dump_stack+0x1c9/0x2b4
[ 37.052183]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 37.057371]  ? lock_downgrade+0x8f0/0x8f0
[ 37.061520]  ? __schedule+0xf54/0x1df0
[ 37.065407]  panic+0x238/0x4e7
[ 37.069120]  ? add_taint.cold.5+0x16/0x16
[ 37.073275]  ? print_shadow_for_address+0xba/0x116
[ 37.078200]  ? trace_hardirqs_off+0xaf/0x2b0
[ 37.082606]  ? trace_hardirqs_off+0x77/0x2b0
[ 37.087020]  ? __schedule+0xf54/0x1df0
[ 37.090993]  kasan_end_report+0x47/0x4f
[ 37.094966]  kasan_report.cold.7+0x76/0x30d
[ 37.099290]  __asan_report_load8_noabort+0x14/0x20
[ 37.104218]  __schedule+0xf54/0x1df0
[ 37.107928]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 37.113033]  ? __sched_text_start+0x8/0x8
[ 37.117180]  ? __call_srcu+0x7e7/0x1040
[ 37.121177]  ? check_same_owner+0x340/0x340
[ 37.125497]  ? mark_held_locks+0x160/0x160
[ 37.129728]  ? find_held_lock+0x36/0x1c0
[ 37.133792]  preempt_schedule_common+0x22/0x60
[ 37.138374]  _cond_resched+0x1d/0x30
[ 37.142086]  wait_for_completion+0xa5/0x8d0
[ 37.146418]  ? wait_for_completion_interruptible+0x950/0x950
[ 37.152215]  ? __lockdep_init_map+0x105/0x590
[ 37.156713]  ? __init_waitqueue_head+0x9e/0x150
[ 37.161380]  ? init_wait_entry+0x1c0/0x1c0
[ 37.165627]  __synchronize_srcu+0x189/0x240
[ 37.169949]  ? call_srcu+0x10/0x10
[ 37.173490]  ? rcu_unexpedite_gp+0x20/0x20
[ 37.177736]  synchronize_srcu+0x335/0x56f
[ 37.181884]  ? lock_downgrade+0x8f0/0x8f0
[ 37.186031]  ? synchronize_srcu_expedited+0x20/0x20
[ 37.191054]  ? kasan_check_read+0x11/0x20
[ 37.195208]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 37.199793]  ? kasan_check_write+0x14/0x20
[ 37.204030]  ? do_raw_spin_lock+0xc1/0x200
[ 37.208269]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 37.213987]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 37.219439]  ? kvfree+0x61/0x70
[ 37.222723]  ? rcu_read_lock_sched_held+0x108/0x120
[ 37.227742]  kvm_mmu_uninit_vm+0x1c/0x20
[ 37.231804]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 37.236213]  ? kvm_arch_sync_events+0x30/0x30
[ 37.240712]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 37.246289]  ? mmu_notifier_unregister+0x474/0x600
[ 37.251301]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 37.255706]  ? kfree+0x111/0x210
[ 37.259071]  ? __mmu_notifier_register+0x30/0x30
[ 37.263839]  ? __free_pages+0x10a/0x190
[ 37.267817]  ? free_unref_page+0x930/0x930
[ 37.272079]  kvm_put_kvm+0x73f/0x1060
[ 37.275896]  ? kvm_write_guest_cached+0x40/0x40
[ 37.280575]  ? _raw_spin_unlock_irq+0x27/0x70
[ 37.285074]  ? _raw_spin_unlock_irq+0x27/0x70
[ 37.289581]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 37.294204]  ? kasan_check_write+0x14/0x20
[ 37.298443]  ? do_raw_spin_lock+0xc1/0x200
[ 37.302682]  ? kvm_irqfd_release+0xdd/0x120
[ 37.307005]  ? kvm_irqfd_release+0xdd/0x120
[ 37.311329]  ? kvm_put_kvm+0x1060/0x1060
[ 37.315390]  kvm_vm_release+0x42/0x50
[ 37.319194]  __fput+0x38a/0xa40
[ 37.322476]  ? __alloc_file+0x400/0x400
[ 37.326454]  ? check_same_owner+0x340/0x340
[ 37.330779]  ? kasan_check_write+0x14/0x20
[ 37.335014]  ? do_raw_spin_lock+0xc1/0x200
[ 37.339250]  ____fput+0x15/0x20
[ 37.342527]  task_work_run+0x1e8/0x2a0
[ 37.346415]  ? task_work_cancel+0x240/0x240
[ 37.350744]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 37.356288]  ? switch_task_namespaces+0xa2/0xd0
[ 37.360961]  do_exit+0x1ae4/0x26e0
[ 37.364504]  ? mm_update_next_owner+0x9a0/0x9a0
[ 37.369178]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 37.373412]  ? rcu_read_lock_sched_held+0x108/0x120
[ 37.378434]  ? kfree+0x1d7/0x210
[ 37.381800]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 37.386039]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 37.391752]  ? is_bpf_text_address+0xd7/0x170
[ 37.396246]  ? kernel_text_address+0x79/0xf0
[ 37.400651]  ? __kernel_text_address+0xd/0x40
[ 37.405237]  ? unwind_get_return_address+0x61/0xa0
[ 37.410169]  ? __save_stack_trace+0x8d/0xf0
[ 37.414496]  ? save_stack+0xa9/0xd0
[ 37.418133]  ? save_stack+0x43/0xd0
[ 37.421774]  ? __kasan_slab_free+0x11a/0x170
[ 37.426182]  ? kasan_slab_free+0xe/0x10
[ 37.430158]  ? putname+0xf2/0x130
[ 37.433616]  ? __x64_sys_openat+0x9d/0x100
[ 37.438037]  ? do_syscall_64+0x1b9/0x820
[ 37.442110]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 37.447481]  ? trace_hardirqs_off+0xb8/0x2b0
[ 37.451893]  ? kasan_check_read+0x11/0x20
[ 37.456042]  ? do_raw_spin_unlock+0xa7/0x2f0
[ 37.460453]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 37.464865]  ? initcall_blacklisted+0x9a/0x1e0
[ 37.469456]  ? _raw_spin_unlock_irqrestore+0x63/0xc0
[ 37.474569]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 37.480288]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 37.485828]  ? do_vfs_ioctl+0x201/0x1720
[ 37.489890]  ? rcu_is_watching+0x8c/0x150
[ 37.494039]  ? trace_hardirqs_on+0xbd/0x2c0
[ 37.498368]  ? ioctl_preallocate+0x300/0x300
[ 37.502782]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 37.508352]  ? __fget_light+0x2f7/0x440
[ 37.512328]  ? fget_raw+0x20/0x20
[ 37.515782]  ? putname+0xf2/0x130
[ 37.519241]  ? rcu_read_lock_sched_held+0x108/0x120
[ 37.524259]  ? kmem_cache_free+0x246/0x280
[ 37.528493]  ? putname+0xf7/0x130
[ 37.531947]  do_group_exit+0x177/0x440
[ 37.535835]  ? trace_hardirqs_on+0xbd/0x2c0
[ 37.540156]  ? __ia32_sys_exit+0x50/0x50
[ 37.544248]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 37.549354]  ? __sanitizer_cov_trace_const_cmp4+0x16/0x20
[ 37.554891]  ? ksys_ioctl+0x81/0xd0
[ 37.558524]  __x64_sys_exit_group+0x3e/0x50
[ 37.562853]  do_syscall_64+0x1b9/0x820
[ 37.566739]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[ 37.572110]  ? syscall_return_slowpath+0x5e0/0x5e0
[ 37.577038]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 37.581881]  ? trace_hardirqs_on_caller+0x2b0/0x2b0
[ 37.586903]  ? prepare_exit_to_usermode+0x3b0/0x3b0
[ 37.591925]  ? prepare_exit_to_usermode+0x291/0x3b0
[ 37.596943]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[ 37.601788]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 37.606977] RIP: 0033:0x43f028
[ 37.610171] Code: Bad RIP value.
[ 37.613529] RSP: 002b:00007ffe3eb07388 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7
[ 37.621235] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000000000043f028
[ 37.628499] RDX: 0000000000000000 RSI: 000000000000003c RDI: 0000000000000000
[ 37.635781] RBP: 00000000004c08e8 R08: 00000000000000e7 R09: ffffffffffffffd0
[ 37.643046] R10: 00000000004002c8 R11: 0000000000000246 R12: 0000000000000001
[ 37.650311] R13: 00000000006d2180 R14: 0000000000000000 R15: 0000000000000000
[ 37.657606]
[ 37.657617] ======================================================
[ 37.657622] WARNING: possible circular locking dependency detected
[ 37.657642] 4.19.0-rc1+ #217 Not tainted
[ 37.657647] ------------------------------------------------------
[ 37.657652] syz-executor219/4669 is trying to acquire lock:
[ 37.657656] 000000007c39d1b1 ((console_sem).lock){-...}, at: down_trylock+0x13/0x70
[ 37.657671]
[ 37.657675] but task is already holding lock:
[ 37.657679] 000000009f913566 (report_lock){....}, at: kasan_report+0x8e/0x110
[ 37.657693]
[ 37.657697] which lock already depends on the new lock.
[ 37.657700]
[ 37.657702]
[ 37.657707] the existing dependency chain (in reverse order) is:
[ 37.657710]
[ 37.657712] -> #3 (report_lock){....}:
[ 37.657727]        _raw_spin_lock_irqsave+0x96/0xc0
[ 37.657730]        kasan_report+0x8e/0x110
[ 37.657735]        __asan_report_load8_noabort+0x14/0x20
[ 37.657739]        __schedule+0xf54/0x1df0
[ 37.657743]        preempt_schedule_common+0x22/0x60
[ 37.657747]        _cond_resched+0x1d/0x30
[ 37.657751]        wait_for_completion+0xa5/0x8d0
[ 37.657755]        __synchronize_srcu+0x189/0x240
[ 37.657760]        synchronize_srcu+0x335/0x56f
[ 37.657764]        kvm_page_track_unregister_notifier+0x17d/0x250
[ 37.657769]        kvm_mmu_uninit_vm+0x1c/0x20
[ 37.657773]        kvm_arch_destroy_vm+0x5f2/0x7c0
[ 37.657777]        kvm_put_kvm+0x73f/0x1060
[ 37.657781]        kvm_vm_release+0x42/0x50
[ 37.657784]        __fput+0x38a/0xa40
[ 37.657788]        ____fput+0x15/0x20
[ 37.657792]        task_work_run+0x1e8/0x2a0
[ 37.657796]        do_exit+0x1ae4/0x26e0
[ 37.657800]        do_group_exit+0x177/0x440
[ 37.657804]        __x64_sys_exit_group+0x3e/0x50
[ 37.657808]        do_syscall_64+0x1b9/0x820
[ 37.657812]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 37.657815]
[ 37.657817] -> #2 (&rq->lock){-.-.}:
[ 37.657831]        _raw_spin_lock+0x2a/0x40
[ 37.657835]        task_fork_fair+0x93/0x680
[ 37.657839]        sched_fork+0x44b/0xbd0
[ 37.657843]        copy_process+0x235e/0x7ad0
[ 37.657846]        _do_fork+0x1ca/0x1170
[ 37.657850]        kernel_thread+0x34/0x40
[ 37.657854]        rest_init+0x22/0xe4
[ 37.657858]        start_kernel+0x913/0x94e
[ 37.657862]        x86_64_start_reservations+0x29/0x2b
[ 37.657866]        x86_64_start_kernel+0x76/0x79
[ 37.657870]        secondary_startup_64+0xa4/0xb0
[ 37.657873]
[ 37.657875] -> #1 (&p->pi_lock){-.-.}:
[ 37.657889]        _raw_spin_lock_irqsave+0x96/0xc0
[ 37.657893]        try_to_wake_up+0xd2/0x1250
[ 37.657897]        wake_up_process+0x10/0x20
[ 37.657901]        __up.isra.1+0x1c0/0x2a0
[ 37.657905]        up+0x13c/0x1c0
[ 37.657909]        __up_console_sem+0xbe/0x1b0
[ 37.657913]        console_unlock+0x506/0x10d0
[ 37.657916]        vprintk_emit+0x33a/0x910
[ 37.657920]        vprintk_default+0x28/0x30
[ 37.657924]        vprintk_func+0x7a/0x117
[ 37.657928]        printk+0xa7/0xcf
[ 37.657931]        load_umh+0x51/0xbd
[ 37.657935]        do_one_initcall+0x127/0x838
[ 37.657939]        kernel_init_freeable+0x4bb/0x5ae
[ 37.657943]        kernel_init+0x11/0x1b3
[ 37.657947]        ret_from_fork+0x3a/0x50
[ 37.657949]
[ 37.657952] -> #0 ((console_sem).lock){-...}:
[ 37.657966]        lock_acquire+0x1e4/0x4f0
[ 37.657971]        _raw_spin_lock_irqsave+0x96/0xc0
[ 37.657974]        down_trylock+0x13/0x70
[ 37.657979]        __down_trylock_console_sem+0xae/0x200
[ 37.657983]        console_trylock+0x15/0xa0
[ 37.657987]        vprintk_emit+0x31f/0x910
[ 37.657991]        vprintk_default+0x28/0x30
[ 37.657994]        vprintk_func+0x7a/0x117
[ 37.657998]        printk+0xa7/0xcf
[ 37.658002]        kasan_report+0x9e/0x110
[ 37.658006]        __asan_report_load8_noabort+0x14/0x20
[ 37.658010]        __schedule+0xf54/0x1df0
[ 37.658014]        preempt_schedule_common+0x22/0x60
[ 37.658018]        _cond_resched+0x1d/0x30
[ 37.658022]        wait_for_completion+0xa5/0x8d0
[ 37.658026]        __synchronize_srcu+0x189/0x240
[ 37.658030]        synchronize_srcu+0x335/0x56f
[ 37.658036]        kvm_page_track_unregister_notifier+0x17d/0x250
[ 37.658039]        kvm_mmu_uninit_vm+0x1c/0x20
[ 37.658044]        kvm_arch_destroy_vm+0x5f2/0x7c0
[ 37.658047]        kvm_put_kvm+0x73f/0x1060
[ 37.658051]        kvm_vm_release+0x42/0x50
[ 37.658055]        __fput+0x38a/0xa40
[ 37.658058]        ____fput+0x15/0x20
[ 37.658062]        task_work_run+0x1e8/0x2a0
[ 37.658066]        do_exit+0x1ae4/0x26e0
[ 37.658070]        do_group_exit+0x177/0x440
[ 37.658074]        __x64_sys_exit_group+0x3e/0x50
[ 37.658078]        do_syscall_64+0x1b9/0x820
[ 37.658083]        entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 37.658085]
[ 37.658089] other info that might help us debug this:
[ 37.658092]
[ 37.658095] Chain exists of:
[ 37.658097]   (console_sem).lock --> &rq->lock --> report_lock
[ 37.658124]
[ 37.658128]  Possible unsafe locking scenario:
[ 37.658131]
[ 37.658135]        CPU0                    CPU1
[ 37.658139]        ----                    ----
[ 37.658141]   lock(report_lock);
[ 37.658151]                                lock(&rq->lock);
[ 37.658160]                                lock(report_lock);
[ 37.658168]   lock((console_sem).lock);
[ 37.658176]
[ 37.658180]  *** DEADLOCK ***
[ 37.658182]
[ 37.658186] 2 locks held by syz-executor219/4669:
[ 37.658188]  #0: 000000007ca53d6b (&rq->lock){-.-.}, at: __schedule+0x24d/0x1df0
[ 37.658206]  #1: 000000009f913566 (report_lock){....}, at: kasan_report+0x8e/0x110
[ 37.658223]
[ 37.658226] stack backtrace:
[ 37.658232] CPU: 1 PID: 4669 Comm: syz-executor219 Not tainted 4.19.0-rc1+ #217
[ 37.658239] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ 37.658242] Call Trace:
[ 37.658246]  dump_stack+0x1c9/0x2b4
[ 37.658251]  ? dump_stack_print_info.cold.2+0x52/0x52
[ 37.658255]  ? vprintk_func+0x100/0x117
[ 37.658260]  print_circular_bug.isra.34.cold.55+0x1bd/0x27d
[ 37.658263]  ? save_trace+0xe0/0x290
[ 37.658267]  __lock_acquire+0x3449/0x5020
[ 37.658272]  ? mark_held_locks+0x160/0x160
[ 37.658276]  ? mark_held_locks+0x160/0x160
[ 37.658280]  ? rcu_cleanup_dead_rnp+0x200/0x200
[ 37.658284]  ? is_bpf_text_address+0xd7/0x170
[ 37.658288]  ? kernel_text_address+0x79/0xf0
[ 37.658293]  ? __kernel_text_address+0xd/0x40
[ 37.658297]  ? __save_stack_trace+0x8d/0xf0
[ 37.658301]  ? add_lock_to_list.isra.27+0x1ec/0x4b0
[ 37.658305]  ? save_trace+0x290/0x290
[ 37.658309]  ? save_stack_trace+0x1a/0x20
[ 37.658313]  ? save_trace+0xe0/0x290
[ 37.658317]  ? graph_lock+0x170/0x170
[ 37.658322]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 37.658326]  lock_acquire+0x1e4/0x4f0
[ 37.658330]  ? down_trylock+0x13/0x70
[ 37.658334]  ? lock_release+0x9f0/0x9f0
[ 37.658338]  ? trace_hardirqs_off+0xb8/0x2b0
[ 37.658342]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 37.658346]  ? trace_hardirqs_off+0xb8/0x2b0
[ 37.658350]  ? log_store+0x34f/0x4c0
[ 37.658354]  ? vprintk_emit+0x31f/0x910
[ 37.658358]  _raw_spin_lock_irqsave+0x96/0xc0
[ 37.658362]  ? down_trylock+0x13/0x70
[ 37.658366]  down_trylock+0x13/0x70
[ 37.658370]  __down_trylock_console_sem+0xae/0x200
[ 37.658374]  console_trylock+0x15/0xa0
[ 37.658378]  vprintk_emit+0x31f/0x910
[ 37.658382]  ? wake_up_klogd+0x110/0x110
[ 37.658386]  ? run_rebalance_domains+0x4c0/0x4c0
[ 37.658390]  ? kasan_check_read+0x11/0x20
[ 37.658394]  ? rcu_is_watching+0x8c/0x150
[ 37.658398]  ? rcu_pm_notify+0xc0/0xc0
[ 37.658402]  ? lock_acquire+0x1e4/0x4f0
[ 37.658406]  ? kasan_report+0x8e/0x110
[ 37.658410]  ? __schedule+0xf54/0x1df0
[ 37.658414]  vprintk_default+0x28/0x30
[ 37.658417]  vprintk_func+0x7a/0x117
[ 37.658421]  printk+0xa7/0xcf
[ 37.658425]  ? kmsg_dump_rewind_nolock+0xe4/0xe4
[ 37.658429]  ? kasan_check_write+0x14/0x20
[ 37.658433]  ? do_raw_spin_lock+0xc1/0x200
[ 37.658437]  ? do_raw_spin_lock+0xc1/0x200
[ 37.658441]  kasan_report+0x9e/0x110
[ 37.658446]  __asan_report_load8_noabort+0x14/0x20
[ 37.658449]  __schedule+0xf54/0x1df0
[ 37.658454]  ? trace_hardirqs_off_caller+0x2b0/0x2b0
[ 37.658458]  ? __sched_text_start+0x8/0x8
[ 37.658462]  ? __call_srcu+0x7e7/0x1040
[ 37.658466]  ? check_same_owner+0x340/0x340
[ 37.658470]  ? mark_held_locks+0x160/0x160
[ 37.658474]  ? find_held_lock+0x36/0x1c0
[ 37.658479]  preempt_schedule_common+0x22/0x60
[ 37.658482]  _cond_resched+0x1d/0x30
[ 37.658487]  wait_for_completion+0xa5/0x8d0
[ 37.658492]  ? wait_for_completion_interruptible+0x950/0x950
[ 37.658496]  ? __lockdep_init_map+0x105/0x590
[ 37.658500]  ? __init_waitqueue_head+0x9e/0x150
[ 37.658504]  ? init_wait_entry+0x1c0/0x1c0
[ 37.658508]  __synchronize_srcu+0x189/0x240
[ 37.658512]  ? call_srcu+0x10/0x10
[ 37.658516]  ? rcu_unexpedite_gp+0x20/0x20
[ 37.658520]  synchronize_srcu+0x335/0x56f
[ 37.658524]  ? lock_downgrade+0x8f0/0x8f0
[ 37.658529]  ? synchronize_srcu_expedited+0x20/0x20
[ 37.658533]  ? kasan_check_read+0x11/0x20
[ 37.658537]  ? do_raw_spin_trylock+0x1c0/0x1c0
[ 37.658542]  ? kasan_check_write+0x14/0x20
[ 37.658546]  ? do_raw_spin_lock+0xc1/0x200
[ 37.658551]  kvm_page_track_unregister_notifier+0x17d/0x250
[ 37.658556]  ? kvm_slot_page_track_remove_page+0x70/0x70
[ 37.658559]  ? kvfree+0x61/0x70
[ 37.658564]  ? rcu_read_lock_sched_held+0x108/0x120
[ 37.658568]  kvm_mmu_uninit_vm+0x1c/0x20
[ 37.658572]  kvm_arch_destroy_vm+0x5f2/0x7c0
[ 37.658576]  ? kvm_arch_sync_events+0x30/0x30
[ 37.658581]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 37.658586]  ? mmu_notifier_unregister+0x474/0x600
[ 37.658590]  ? trace_hardirqs_on+0x2c0/0x2c0
[ 37.658593]  ? kfree+0x111/0x210
[ 37.658598]  ? __mmu_notifier_register+0x30/0x30
[ 37.658602]  ? __free_pages+0x10a/0x190
[ 37.658606]  ? free_unref_page+0x930/0x930
[ 37.658610]  kvm_put_kvm+0x73f/0x1060
[ 37.658619]  ? kvm_write_guest_cached+0x40/0x40
[ 37.658623]  ? _raw_spin_unlock_irq+0x27/0x70
[ 37.658628]  ? _raw_spin_unlock_irq+0x27/0x70
[ 37.658632]  ? lockdep_hardirqs_on+0x421/0x5c0
[ 37.658636]  ? kasan_check_write+0x14/0x20
[ 37.658640]  ? do_raw_spin_lock+0xc1/0x200
[ 37.658644]  ? kvm_irqfd_release+0xdd/0x120
[ 37.658648]  ? kvm_irqfd_release+0xdd/0x120
[ 37.658652]  ? kvm_put_kvm+0x1060/0x1060
[ 37.658656]  kvm_vm_release+0x42/0x50
[ 37.658660]  __fput+0x38a/0xa40
[ 37.658663]  ? __alloc_file+0x400/0x400
[ 37.658668]  ? check_same_owner+0x340/0x340
[ 37.658672]  ? kasan_check_write+0x14/0x20
[ 37.658676]  ? do_raw_spin_lock+0xc1/0x200
[ 37.658679]  ____fput+0x15/0x20
[ 37.658683]  task_work_run+0x1e8/0x2a0
[ 37.658687]  ? task_work_cancel+0x240/0x240
[ 37.658692]  ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20
[ 37.658696]  ? switch_task_namespaces+0xa2/0xd0
[ 37.658700]  do_exit+0x1ae4/0x26e0
[ 37.658704]  ? mm_update_next_owner+0x9a0/0x9a0
[ 37.658708]  ? kvm_vcpu_ioctl+0x2b5/0x1280
[ 37.658713]  ? rcu_read_lock_sched_held+0x108/0x120
[ 37.658717]  ? kfree+0x1d7/0x210
[ 37.658721]  ? kvm_vcpu_ioctl+0x2ba/0x1280
[ 37.658726]  ? kvm_uevent_notify_change.part.32+0x440/0x440
[ 37.658730]  ? is_bpf_text_address+0xd7/0x170
[ 37.658732]  ?
[ 37.658740] Lost 55 message(s)!
[ 38.731159] Shutting down cpus with NMI
[ 39.791606] Dumping ftrace buffer:
[ 39.795142]    (ftrace buffer empty)
[ 39.798829] Kernel Offset: disabled
[ 39.802438] Rebooting in 86400 seconds..